From: | Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com> |
---|---|
To: | Rahul Shirsat <rahul(dot)shirsat(at)enterprisedb(dot)com> |
Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org> |
Subject: | Re: SameSite issues in Safari Browser (reference #RM5975) |
Date: | 2020-11-26 05:57:32 |
Message-ID: | CANxoLDeLQRyX-7pJVOLFCP71srvkov7i-_U_rNppWPV6hp8MTQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgadmin-hackers |
Hi Rahul
On Wed, Nov 25, 2020 at 4:07 PM Rahul Shirsat <
rahul(dot)shirsat(at)enterprisedb(dot)com> wrote:
> Hi Dave,
>
> Due to SameSite security issues in Safari Browser, some of the pgadmin4
> functionality isn't working (mostly the new tab functionality).
>
> The affected Safari Browser versions (marked in red) currently tested upon
> are:
>
> 1. v11.1.2
> 2. v12.1
> 3. v12.1.1
> 4. 13.1
> 5. 14.0.1
>
> Since v12, Safari have done some security fixes, due to which this issue
> has occurred. Strangely, the issue is not reproducible on v13, but
> reproducible on its successor i.e. v14
>
> Possible solutions could be:
>
> 1. Reporting this to Safari & raising an RM for tracking purposes.
> 2. Suggesting Safari users to make below changes in config.py or
> config_distro for the work around:
>
> *SESSION_COOKIE_SAMESITE = None*
>
> *SESSION_COOKIE_SECURE = True*
> (As we aren't going through any cross-site cookie transfer, this can be a
> handy option - but still risky..)
>
> I would suggest going with the 1st option or combination of both, but with
> caution.
>
In my opinion, we should go with both the options, as we have added the
above settings for security purposes.
>
> --
> *Rahul Shirsat*
> Software Engineer | EnterpriseDB Corporation.
>
--
*Thanks & Regards*
*Akshay Joshi*
*pgAdmin Hacker | Principal Software Architect*
*EDB Postgres <http://edbpostgres.com>*
*Mobile: +91 976-788-8246*
From | Date | Subject | |
---|---|---|---|
Next Message | Akshay Joshi | 2020-11-26 06:22:19 | pgAdmin 4 commit: Improve code coverage and API test cases for Foreign |
Previous Message | Rahul Shirsat | 2020-11-25 10:37:12 | SameSite issues in Safari Browser (reference #RM5975) |